1. Field of Disclosure
The disclosure generally relates to the field of computer security, in particular to cache security.
2. Description of the Related Art
As the Internet becomes the predominant means of content distribution and network applications such as web browsers become key applications that enable interactions with many applications within enterprises or across enterprises, network applications are expected to perform faster than ever. Network caching (also called web caching, HTTP caching) is often used to give users a perception of faster network experience. Network caching reduces bandwidth usage, server load, and retrieving time by caching (storing) previously retrieved network content such as images, scripts, and web documents for later use.
Because network content retrieved by a computer may have been compromised, such compromised content may be stored in a network cache, thereby polluting the network cache (also called network cache poisoning). For example, a user may use a low-security network (e.g., a Hotspot Wi-Fi network provided by a café) to browse the Internet. A malicious party may hijack the low-security network and provide a maliciously constructed response to the user. The malicious party may cause the user's computer to cache the maliciously constructed response for a long time by manipulating the attributes of the maliciously constructed response (e.g., setting the Last-Modified HTTP header to a future time). By storing the maliciously constructed response in the network cache, the impact of the response is magnified because the user will continue to receive the malicious content until the cache entry is purged. Network cache poisoning is even more problematic when the poisoned network cache is used by multiple users.
Other than turning off the network caching all together, currently there is no security solution to the problem of network cache poisoning. Accordingly, there is a need for techniques that can detect suspicious network cache content and prevent the suspicious content from carrying out malicious activities.